Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3231322e3130332e34362e302f32332d3234203d3e20383334.roa
File:                     3231322e3130332e34362e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          KXdSlEyWgzgk/M6Mp4m4zNoDfJwL8UmNysyOArD47tw=
Subject key identifier:   7A:65:0E:D7:F7:C0:C5:A1:96:5F:BB:0E:56:84:9C:87:D3:DE:9A:35
Certificate issuer:       /CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
Certificate serial:       6165ECEB6FD440E4C3BA215530DEC896D751C922
Authority key identifier: 8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3231322e3130332e34362e302f32332d3234203d3e20383334.roa
Signing time:             Thu 30 Oct 2025 15:27:47 +0000
ROA not before:           Thu 30 Oct 2025 15:22:47 +0000
ROA not after:            Thu 29 Oct 2026 15:27:47 +0000
asID:                     834
IP address blocks:        212.103.46.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 Oct 2025 18:21:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:65:ec:eb:6f:d4:40:e4:c3:ba:21:55:30:de:c8:96:d7:51:c9:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
        Validity
            Not Before: Oct 30 15:22:47 2025 GMT
            Not After : Oct 29 15:27:47 2026 GMT
        Subject: CN=7A650ED7F7C0C5A1965FBB0E56849C87D3DE9A35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:04:95:af:72:0f:cb:22:a3:e1:c5:1a:d7:d3:
                    6c:e3:0a:0a:0a:d4:1d:c2:8d:f7:71:8b:66:7f:ad:
                    e4:63:26:d6:aa:08:2a:13:9c:68:83:cf:c1:4e:08:
                    ea:25:f6:2d:b2:0b:0e:d0:38:4c:09:ad:48:89:a2:
                    04:c5:55:8e:8e:73:a3:3b:d6:57:1c:f2:1e:e8:78:
                    35:1a:39:a3:aa:0b:b6:46:fb:50:15:fd:16:eb:93:
                    bf:66:5c:d8:05:7e:15:e3:30:de:c2:c6:e6:ec:93:
                    72:7d:97:9d:c9:66:eb:23:85:65:64:b3:d5:db:c1:
                    52:ea:a7:9e:2c:eb:4f:e5:ce:79:8d:70:08:30:29:
                    89:94:b1:f8:f7:86:d0:3b:51:eb:9c:13:a7:a0:f9:
                    6f:11:2e:ad:70:8f:5e:b1:a5:c5:97:f5:ac:31:2d:
                    a3:91:80:65:6d:77:3e:2c:37:02:44:11:ce:c7:74:
                    cf:08:f0:fa:89:78:3e:b6:1d:ef:c3:fb:86:06:ff:
                    c9:37:5a:b4:39:7d:84:34:6e:67:ae:09:bf:e6:0d:
                    7d:04:a8:80:3f:b3:9a:72:0a:e9:be:7d:e4:da:11:
                    a9:44:14:c1:81:5f:ca:d5:eb:13:be:d2:0f:62:0c:
                    67:80:23:95:b6:1c:34:09:da:c6:78:c4:d8:3c:d5:
                    2d:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:65:0E:D7:F7:C0:C5:A1:96:5F:BB:0E:56:84:9C:87:D3:DE:9A:35
            X509v3 Authority Key Identifier:
                keyid:8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3231322e3130332e34362e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.103.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:ea:24:1f:31:d8:a6:20:92:13:b0:67:51:f6:bf:60:c9:cb:
         9f:f3:ec:4a:f2:6e:d6:d0:04:c6:42:35:c1:d8:bd:d0:3d:4b:
         c0:0c:67:56:2e:5f:a7:5f:94:d9:ac:6a:c8:8a:6c:51:9f:0a:
         86:0d:0f:1b:2f:61:f4:b4:b3:8a:7d:2d:a1:e3:f2:e3:b5:59:
         62:d9:98:66:44:9c:2e:c9:97:56:e1:81:49:6a:10:a6:91:56:
         e2:97:e8:c8:25:9b:8a:fc:b8:16:22:55:04:ae:a8:f3:18:fa:
         2b:0a:12:00:1b:63:fc:0b:56:ac:af:c3:90:ca:93:d9:6e:f0:
         d3:65:1d:5d:0c:ab:06:24:65:24:73:de:0f:bf:e0:2c:22:c1:
         1b:82:03:fd:89:bc:3b:52:a2:19:65:46:59:f2:5e:7c:93:00:
         8c:3f:12:87:80:da:a9:fe:a4:ff:50:43:fb:9b:e5:24:54:4d:
         62:37:f9:61:e4:da:01:28:38:6a:08:e4:0d:a0:54:88:b6:66:
         b7:4e:f4:8e:79:f6:a9:d0:e4:5f:22:63:3a:7c:9b:4e:46:e9:
         f6:70:18:d8:66:7d:7c:65:23:54:65:4c:83:10:7e:93:88:c1:
         aa:8f:56:84:f9:c3:b1:89:d8:8c:2f:e2:31:ff:1c:da:62:97:
         8e:a8:a9:2f
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUYWXs62/UQOTDuiFVMN7IltdRySIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGMxMmI0MjczODMyYjQxNTZmZTAwOTJmNmFlN2U1YjNj
ZTIzYWQ4YjAeFw0yNTEwMzAxNTIyNDdaFw0yNjEwMjkxNTI3NDdaMDMxMTAvBgNV
BAMTKDdBNjUwRUQ3RjdDMEM1QTE5NjVGQkIwRTU2ODQ5Qzg3RDNERTlBMzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfBJWvcg/LIqPhxRrX02zjCgoK
1B3Cjfdxi2Z/reRjJtaqCCoTnGiDz8FOCOol9i2yCw7QOEwJrUiJogTFVY6Oc6M7
1lcc8h7oeDUaOaOqC7ZG+1AV/Rbrk79mXNgFfhXjMN7Cxubsk3J9l53JZusjhWVk
s9XbwVLqp54s60/lznmNcAgwKYmUsfj3htA7UeucE6eg+W8RLq1wj16xpcWX9awx
LaORgGVtdz4sNwJEEc7HdM8I8PqJeD62He/D+4YG/8k3WrQ5fYQ0bmeuCb/mDX0E
qIA/s5pyCum+feTaEalEFMGBX8rV6xO+0g9iDGeAI5W2HDQJ2sZ4xNg81S1FAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUemUO1/fAxaGWX7sOVoSch9PemjUwHwYDVR0j
BBgwFoAUjBK0JzgytBVv4Akvaufls84jrYswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGJmZDY4ODItZDZiMy00YWE4LWJjMGEtNzExZDY4YmQx
OThiLzAvOEMxMkI0MjczODMyQjQxNTZGRTAwOTJGNkFFN0U1QjNDRTIzQUQ4Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2pCSzBKemd5dEJWdjRBa3ZhdWZsczg0
anJZcy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGJmZDY4ODIt
ZDZiMy00YWE4LWJjMGEtNzExZDY4YmQxOThiLzAvMzIzMTMyMmUzMTMwMzMyZTM0
MzYyZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHUZy4w
DQYJKoZIhvcNAQELBQADggEBAEHqJB8x2KYgkhOwZ1H2v2DJy5/z7ErybtbQBMZC
NcHYvdA9S8AMZ1YuX6dflNmsasiKbFGfCoYNDxsvYfS0s4p9LaHj8uO1WWLZmGZE
nC7Jl1bhgUlqEKaRVuKX6Mglm4r8uBYiVQSuqPMY+isKEgAbY/wLVqyvw5DKk9lu
8NNlHV0MqwYkZSRz3g+/4CwiwRuCA/2JvDtSohllRlnyXnyTAIw/EoeA2qn+pP9Q
Q/ub5SRUTWI3+WHk2gEoOGoI5A2gVIi2ZrdO9I559qnQ5F8iYzp8m05G6fZwGNhm
fXxlI1RlTIMQfpOIwaqPVoT5w7GJ2Iwv4jH/HNpil46oqS8=
-----END CERTIFICATE-----